DETAILED ACTION

1. This action is responding to application papers filed on 1-19-2007.

2. Claims 20 - 26, 28 - 40, 42 - 47 are pending. Claims 20, 25, 26, 28, 34, 39, 40 
have been amended. Claims 1-19, 27, 41 have been cancelled. Claims 20, 22, 26, 
29, 32, 34, 36, 40, 43, 46 are independent. 

Response to Remarks 

3. The following is in response to applicant's remarks dated January 19, 2007. 

3.1 Applicant argues, "... requesting by the second member authorization" (see
Remarks Pages 9, 10 and amended claims)

This is an added limitation and will be addressed when the claims are addressed. 

3.2 Applicant argues, "... including the published token to each member of the
secure group" (see Remarks Page 9 and amended claims)

This is an added limitation and will be addressed when the claims are addressed. 

3.3 Applicant argues, " ...publish ... ". (see Remarks Page 10) 

The Yeager prior art discloses the capability to publish information (i.e. including a
certificate), and the capability for peers to have persistent storage (i.e. database) for
access to the published security information (i.e. certificate). (see Yeager paragraph
[0256], lines 1-10)

3.4 Applicant argues, "... a revocation bitmap" (see Remarks Page 11)

The Yeager and Aguilera prior art combination discloses a bitmap to be utilized as
bits of revocation data. This is equivalent to applicant's invention, whereby a
bitmap is manipulated to indicate revocation information. (see Aguilera paragraph
[0031], lines 1-5: bitmap representation for revocation list; paragraph [0027],
lines 17-20: update revocation list, in order to revoke an entity (i.e. member))

3.5 The examiner has considered the applicant's remarks concerning a system for 
providing security to a set of interconnected network nodes includes the capability to 
monitor calls to the system, a group security manager configured to perform security- 
related acts by interacting with a group database to propagate security-related 
information to members of the group. Applicant's arguments have thus been fully 
analyzed and considered but they are not persuasive. 

After an additional analysis of the applicant's invention, remarks, and a search of 
the available prior art, it was determined that the current set of prior art consisting of 
Yeager (20050086300), Aguilera (20040243827), Yellepeddy (20040111607) and Pabla
(20040162871) discloses the applicant's invention including disclosures in Remarks 
dated January 19, 2007.

Claim Rejections - 35 USC § 112

4. The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 20, 34 are rejected under 35 U.S.C. 112, first paragraph, as based on a
disclosure, which is not enabling. 

There is no disclosure for this assertion in the specification and the original claims. 
The only disclosure for a second member is in the original claims. The original claims 
state that a first member connects to a second member. There is no indication to 
designate any particular member is making the certificate renewal request. 

This disclosure is critical or essential to the practice of the invention, but not
included in the claim(s) is not enabled by the disclosure. See In re Mayhew, 527
F.2d 1229, 188 USPQ 356 (CCPA 1976).

Claims 26, 40 are rejected under 35 U.S.C. 112, first paragraph, as based on a 
disclosure, which is not enabling. 

There is no disclosure for this assertion in the specification and the original 
claims. The only disclosure for a published token in a graph database is in claim 41.
The claim limitation states that security related information is available to the group 
member. There is no disclosure of the availability of information to each member of the
"secure" group. There is no disclosure that specifically the published token is the one
piece of security related information made available to each group member.

This disclosure is critical or essential to the practice of the invention, but not
included in the claim(s) is not enabled by the disclosure. See In re Mayhew, 527
F.2d 1229, 188 USPQ 356 (CCPA 1976).

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 20 - 25, 34 - 39 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Yeager in view of Yellepeddy et al. (US Patent No. 20040111607). 

Regarding Claims 20, 34, Yeager discloses a method for a member in a group within a 
graph of interconnected peer nodes to granting privileges, the method comprising: 
a) receiving a certificate renewal request to a second member in the group; (see
Yeager paragraph [0225], lines 9-13: pipes, communications channel
for data transmission between peer members)

Yeager discloses wherein the capability to renew membership in a peer group, and
wherein the renewal is based on authorization from the administrator or based on 
one or more security policies, (see Yeager paragraph [0558], lines 4-8: membership 
renewal (i.e. remove, add) capability; paragraph [0225], lines 4-9: security policies 
utilized) Yeager does not specifically disclose the capability to renew a certificate. 
However, Yellepeddy discloses: 

b) requesting by the second member authorization from an administrator for
renewing the certificate, (see Yellepeddy paragraph [0092], lines 1-5: renew 
certificate) 

It would have been obvious to one of ordinary skill in the art to modify Yeager
as taught by Yellepeddy to enable the capability to renew a certificate in the
processing of authentication information. One of ordinary skill in the art would have
been motivated to employ the teachings of Yellepeddy in order to, within a
cryptographic authentication environment, optimize verification and validation of the
availability of a certificate utilizing an online status check protocol, (see Yellepeddy
paragraph [0010], lines 1-4: "... would be advantageous to have a method and
system that for configuring a set of OCSP responders in order to improve the
availability of each of the OCSP responders. ...")

Regarding Claims 21, 35, Yeager discloses the method, computer-readable medium of 
claims 20, 34 wherein the renewal is based on the security policies if the authorization 
from the administrator is not received, (see Yeager paragraph [0086], lines 1-7:
software; paragraph [0225], lines 4-9: membership based on policies) Yeager does not
specifically disclose the capability to renew a certificate. However, Yellepeddy 
discloses wherein the capability for the renewal of a certificate, (see Yellepeddy 
paragraph [0092], lines 1-5: renew certificate) 

It would have been obvious to one of ordinary skill in the art to modify Yeager as
taught by Yellepeddy to enable the capability to renew a certificate in the processing of
authentication information. One of ordinary skill in the art would have been motivated
to employ the teachings of Yellepeddy in order to, within a cryptographic authentication
environment, optimize verification and validation of the availability of a certificate
utilizing an online status check protocol, (see Yellepeddy paragraph [0010], lines 1-4)

Regarding Claims 22, 36; Yeager discloses a method, computer-readable medium 
having computer-executable instructions to perform acts for a member in a group within 
a graph of interconnected peer nodes to renew a certificate granting privileges, the 
method comprising: 

Yeager discloses the capability to publish content, peer information or records (see 
Yeager paragraph [0086], lines 1-7: software, computer readable medium; 
paragraph [0223], lines 6-11: publish content, peer information or records), and the 
capability to renew membership based on security policies (see Yeager paragraph 
[0225], lines 4-9: renew membership). Yeager does not specifically disclose the 
capability to renew a certificate. 
However, Yellepeddy discloses:

a) a request to renew the certificate; (see Yellepeddy paragraph [0011], lines 7-11:
request; paragraph [0225], lines 4-9: renew certificate) and

b) performing renewal, (see Yellepeddy paragraph [0092], lines 1-5: renew 
certificate) 

It would have been obvious to one of ordinary skill in the art to modify Yeager
as taught by Yellepeddy to enable the capability to process a request to renew a
certificate in the processing of authentication information. One of ordinary skill in
the art would have been motivated to employ the teachings of Yellepeddy in order
to, within a cryptographic authentication environment, optimize verification and
validation of the availability of a certificate utilizing an online status check protocol,
(see Yellepeddy paragraph [0010], lines 1-4)

Regarding Claims 23, 37, Yeager discloses the method, computer-readable medium of 
claims 22, 36 wherein the renewal is performed online, the method further comprising: 

the graph of interconnected nodes (see Yeager paragraph [0029], lines 1-6: multiple
interconnected nodes). Yeager does not specifically disclose the capability to
process a certificate chain, or renew a certificate.
However, Yellepeddy discloses:

a) contacting one or more authorized members with a shorter chain before
contacting authorized members with a longer chain; (see Yellepeddy paragraph
[0057], lines 16-19; paragraph [0079], lines 1-5; paragraph [0079], lines 14-22:
certificate chain processing, chain length (i.e. short or long)) and

b) performing one or more renewal attempts to achieve a chain that is of shorter
length, wherein number of renewal attempts are proportional to length of the 
chain; (see Yellepeddy paragraph [0057], lines 16-19; paragraph [0079], lines 1- 
5; paragraph [0079], lines 14-22: certificate chain processing, chain length (i.e. 
short or long); paragraph [0225], lines 4-9: renew certificate) and 

c) if a chain is beyond a predetermined length, performing an offline renewal to 
shorten the chain, (see Yellepeddy paragraph [0057], lines 16-19; paragraph 
[0079], lines 1-5; paragraph [0079], lines 14-22: certificate chain processing, 
chain length (i.e. short or long); paragraph [0225], lines 4-9: renew certificate) 

It would have been obvious to one of ordinary skill in the art to modify Yeager
as taught by Yellepeddy to enable the capability to utilize a certificate chain, and
renew a certificate in the processing of authentication information. One of ordinary
skill in the art would have been motivated to employ the teachings of Yellepeddy in
order to, within a cryptographic authentication environment, optimize verification
and validation of the availability of a certificate utilizing an online status check
protocol, (see Yellepeddy paragraph [0010], lines 1-4)

Regarding Claims 24, 38, Yeager discloses the method, computer-readable medium of 
claims 22, 36. (see Yeager paragraph [0086], lines 1-7: software, computer readable 
medium) Yeager does not specifically disclose the capability to process a certificate 
chain, or renew a certificate. However, Yellepeddy discloses wherein the renewal is
repeated if a shorter chain can be achieved, (see Yellepeddy paragraph [0057], lines
16-19; paragraph [0079], lines 1-5; paragraph [0079], lines 14-22: certificate chain
processing, chain length (i.e. short or long); paragraph [0225], lines 4-9: renew 
certificate) 

It would have been obvious to one of ordinary skill in the art to modify Yeager as
taught by Yellepeddy to enable the capability to utilize a certificate chain, and renew a
certificate in the processing of authentication information. One of ordinary skill in the
art would have been motivated to employ the teachings of Yellepeddy in order to, within
a cryptographic authentication environment, optimize verification and validation of the
availability of a certificate utilizing an online status check protocol, (see Yellepeddy
paragraph [0010], lines 1-4)

Regarding Claims 25, 39, Yeager discloses the method, computer-readable medium of 
claims 22, 36 wherein more than one authorized member in the group is active, each
authorized member in the group enabled to process the request, (see Yeager 
paragraph [0086], lines 1-7: software, computer readable medium; paragraph [0558], 
lines 4-8: more than one member authorized to process requests) Yeager does not 
specifically disclose, the capability to process a certificate chain, or renew a certificate. 
However, Yellepeddy discloses wherein enabled to process the renewal request,
providing each authorized member in the group with a random back-off period prior to
attempting to process the renewal request, the random back-off proportional to a length
of the chain of the authorized member, (see Yellepeddy paragraph [0057], lines 16-19;
paragraph [0079], lines 1-5; paragraph [0079], lines 14-22: certificate chain processing,
chain length (i.e. short or long); paragraph [0092], lines 1-5: renewal of certificate) 

It would have been obvious to one of ordinary skill in the art to modify Yeager as
taught by Yellepeddy to enable the capability to utilize a certificate chain, and renew a
certificate in the processing of authentication information. One of ordinary skill in the
art would have been motivated to employ the teachings of Yellepeddy in order to, within
a cryptographic authentication environment, optimize verification and validation of the
availability of a certificate utilizing an online status check protocol, (see Yellepeddy
paragraph [0010], lines 1-4)

7. Claims 32, 33, 46, 47 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Yeager in view of Aguilera et al. (US Patent No. 20040243827). 

Regarding Claims 32, 46, Yeager discloses a method, computer-readable medium 
having computer-executable instructions to perform acts for revoking one or more 
members of a group of interconnected nodes within a graph, the method comprising: 
a group of interconnected nodes or a graph (see Yeager paragraph [0029], lines 1-6: 
grouping of interconnected nodes), the usage of software for prior art 
implementation, and the usage of one or more serial numbers, the one or more 
serial numbers identifying the one or more members of the group, (see Yeager 
paragraph [0086], lines 1-7: software, computer-readable medium; paragraph 
[0173], lines 1-6: unique identification (i.e. UUID) or serial numbers as identification
information) Yeager does not specifically disclose the usage or update of a
revocation bitmap. 
However, Aguilera discloses: 

a) identifying one or more bits in a revocation bit map, the bits identifying the one or 
more members of the group; (see Aguilera paragraph [0031], lines 1-5: bitmap 
representation for revocation list) and 

b) altering the one or more bits in the revocation bit map, the altering revoking the 
one or more members of the group, (see Aguilera paragraph [0031], lines 1-5: 
bitmap representation for revocation list; paragraph [0027], lines 17-20: update 
revocation list, in order to revoke an entity (i.e. member)) 

It would have been obvious to one of ordinary skill in the art to modify Yeager 
as taught by Aguilera to enable a bitmap representation for revocation list 
information. One of ordinary skill in the art would have been motivated to employ 
the teachings of Aguilera in order to, within a cryptographic authentication
peer-to-peer environment, enable the capability to utilize a small amount of storage
for the bitmap revocation information, (see Aguilera paragraph [0031], lines 1-5: "... It is
worth noting that the group list and the revocation list can be stored as a bitmap or
as explicit lists. The bitmap representation has the advantage that it is compact, but
it requires capability identifiers to be small and thus limits the number of outstanding
capabilities. ...")

Regarding Claims 33, 47, Yeager discloses the method, computer-readable medium of
claims 32, 46. (see Yeager paragraph [0086], lines 1-7: software, computer-readable 
medium) Yeager does not specifically disclose the usage or update of a revocation 
bitmap. However, Aguilera discloses wherein the revocation bitmap is scalable, (see
Aguilera paragraph [0031], lines 1-5: bitmap representation for revocation list;
paragraph [0033], lines 1-3: scalable, adjustable size for bitmap representation) 

It would have been obvious to one of ordinary skill in the art to modify Yeager as 
taught by Aguilera to enable a bitmap representation for revocation list information. 
One of ordinary skill in the art would have been motivated to employ the teachings of 
Aguilera in order to, within a cryptographic authentication peer-to-peer environment, 
enable the capability to utilize a small amount of storage for the bitmap revocation
information, (see Aguilera paragraph [0031], lines 1-5)

Claim Rejections - 35 USC § 102 

8. The following is a quotation of 35 U.S.C. 102 which forms the basis for all 
obviousness rejections set forth in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

9. Claims 26, 28 - 31, 40, 42 - 45 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Yeager et al. (US PGPUB No. 20050086300).

Regarding Claims 26, 40, Yeager discloses a method, computer-readable medium
having computer-executable instructions to perform acts for ensuring that a publisher of 
information in a record to a secure group in a graph of interconnected nodes has 
authority to publish to the secure group, the method comprising: 

a) creating a token (see Yeager paragraph [0577], lines 7-11: tokens, credentials
utilized for security) for the publisher, the token containing information located in 
a role assigned to the publisher, the role identifying privileges of the publisher; 
(see Yeager paragraph [0578], lines 4-6: role assignments, privileges assigned) 
and 

b) matching the token (see Yeager paragraph [0577], lines 7-11: tokens, credentials
utilized for security) against a security descriptor for the record to be published,
the security descriptor providing a list of rights associated with each role, wherein
the token is published in a graph database, the graph database providing
security related information including the published token to each member of the
secure group. (see Yeager paragraph [0578], lines 4-6: privileges, access
control list linked to role; paragraph [0256], lines 1-3: storage, database
containing security information)

Regarding Claims 28, 42, Yeager discloses the method, computer-readable medium of 
claims 26, 40 wherein the graph database enables deferred record validation by 
enabling a group member to defer until required security information is available to the
group member, (see Yeager paragraph [0256], lines 1-3: storage, database containing
peer information) 

Regarding Claims 29, 43, Yeager discloses a method, computer-readable medium 
having computer-executable instructions to perform acts for revoking a member of a 
group of interconnected nodes within a graph, the method comprising: 

a) publishing a revocation record to the group, the revocation record identifying the 
member; (see Yeager paragraph [0086], lines 1-6: software, computer readable 
medium; paragraph [0223], lines 6-11: publish content, peer information or
records; paragraph [0558], lines 4-8: remove or
revoke membership) and 

b) revoking any records published by the member according to the revocation 
record, (see Yeager paragraph [0223], lines 6-11: publish content, peer
information or records; paragraph [0558], lines 4-8: remove or revoke 
membership) 

Regarding Claims 30, 44, Yeager discloses the method, computer-readable medium of 
claims 29, 43 wherein the revocation record is published with validation time sufficient to 
ensure that a current certificate of the revoked group member expires before the 
revocation, (see Yeager paragraph [0591], lines 7-10: expiration time period for 
credentials; paragraph [0558], lines 4-8: remove or revoke membership; paragraph 
[0135], lines 1-3; paragraph [0135], lines 5-11: certificate utilization)

Regarding Claims 31, 45, Yeager discloses the method, computer-readable medium of
claim 29 wherein if the member to be revoked is an administrator, the administrator 
privileges are first deprecated prior to the publishing the revocation record, (see Yeager 
paragraph [0086], lines 1-6: software, computer readable medium; paragraph [0558], 
lines 4-8: some members, managers, administrators to remove membership in peer 
group) 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Carlton V. Johnson whose telephone number is
571-270-1032. The examiner can normally be reached on Monday thru Friday, 8:00 -
5:00PM EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




Carlton V. Johnson
Examiner
Art Unit 2136

March 28, 2007



